AMENDMENTS TO THE CLAIMS 



1. (Currently Amended) A method to detect tampering with registry 
settings in a computer, comprising: 

generating by an application program running in the computer a user 
identity value associated with a user identity that is authorized to change a 
system registry of the computer, the user identity value is generated by a one- 
way function; 

storing the user identity value; 

generating by the application program a registry security value associated 
with said system registry each time a system registry setting is changed within 
the application by an authorized user, the registry security value is generated by 
a one-way function; 

storing the registry security value; aftd- 

when reading from the system registry, generating a new registry security 
value, comparing the new registry security value with the stored registry 
security value and allowing processing to continue if the new registry security 
value is equal to the stored registry security value; and 

when monitoring the system registry for attempts to change the system 
registry, (1) prompting for user identity information and generating a new user 
identity value and comparing it with the stored user identity value, and (2) 
generating a new registry security value and comparing it with the stored 
registry security value, and if both of the new values match the stored values 
then allowing the user to make changes to 

authenticating by the application program tho oyotom registry after 
reading the system registry. 

2. (Currently Amended) A method as in claim 1, wherein generating a user 
identity value associated with a user identity comprises inserting at least one of the-a 
username and password in the one-way function to obtain the user identity value 
associated with the user identity. 



042390.P11396 



2 



09/885,234 



3. (Previously Presented) A method as in claim 1, wherein generating a 
registry security value associated with a system registry comprises: 

concatenating system registry information; and 

inserting the concatenated system registry information in a-the one-way 
function to obtain the registry security value. 

4. (Previously Presented) A method as in claim 3, wherein concatenating 
system registry information comprises concatenating at least one of system registry files 
and system registry handle keys. 

5. (Canceled). 

6. (Currently Amended) A method as in claim 1 further comprising 
modifying the system registry in response to being provided the user identity value and 
the registry security valuo the new user identify and registry security values matching 
the stored values . 

Claims 7-9 (Canceled). 

10. (Currently Amended) An article of manufacture comprising: 

a machine-accessible medium including instructions that, when executed 
by a machine, causes the machine to perform operations comprising 

generating a user identity value associated with a user identity that 
is authorized to access a system registry of said machine, the user identity 
value is generated by a one-way function; 
storing the user identity value; 

generating a registry security value associated with the system 
registry each time a system registry setting is changed by an authorized 
user; 

storing the registry security value; 

when reading from the system registry, generating a new registry 
security value, comparing the new registry security value with the stored 
registry security value and allowing processing to continue if the new 
registry security value is equal to the stored registry security value; 
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when monitoring the system registry for attempts to change the 
system registry, prompting for user identity information and g enerating a 
new user identity value associated with a new user identity seeking access 
to the system registry and comparing the new user identity value to the 
stored user identity value; 

authenticating the system registry after reading the system registry; 

and 

applying a one-way function to the system registry settings as 
changed by the new user identity to obtain a new registry security value 
and storing the new registry security value for a subsequent 
authentication of the system registry. 

11. (Currently Amended) An article of manufacture as in claim 10 wherein 
instructions for generating the user identity value associated with a-the user identity 
comprises further instructions for inserting at least one of the user's username and 
password in a one-way function to obtain the user identity value associated with the 
user identity. 

12. (Currently Amended) An article of manufacture as in claim 10 wherein 
instructions for generating a -the registry security value associated with a- the system 
registry comprises further instructions for 

concatenating system registry information; and 
inserting the concatenated system registry information in a one-way 
function to obtain the registry security value. 

13. (Previously Presented) An article of manufacture as in claim 12, wherein 
instructions for concatenating system registry information comprises further 
instructions for concatenating at least one of system registry files and system registry 
handle keys. 

14. (Previously Presented) An article of manufacture as in claim 10 wherein 
instructions for authenticating the system registry after reading the system registry 
comprises further instructions for 

generating a new registry security value; 
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comparing the new registry security value with the stored registry 
security value; and 

allowing processing to continue if the new registry security value is equal 
to the stored registry security value. 

15. (Currently Amended) An article of manufacture as in claim 10 further 
comprising instructions for modifying the system registry in response to being 
provided the user identity value and the registry occuritv valuo the new user identity 
and registry security values matching the stored values . 

Claims 16-18 (Canceled). 

19. (Currently Amended) An apparatus comprising: 
a bus; 

a data storage device coupled to said bus and that stores a plurality of 
instructions which implement an application program; and 

a processor coupled to said data storage device, said processor operable to 
receive said instructions which, when executed by the processor, cause the 
processor to 

generate a user identity value associated with a user identity that is 
authorized to change a system registry of said apparatus, the user identity 
value is generated by a one-way function; 

store the user identity value; 

obtain a now user identity value; 

compare the new uocr identify value with the otored uoor identity 

generate a registry security value associated with said system 
registry each time a system registry setting is changed within the 
application by an authorized user; 

store the registry security value; a«4 

when reading from the system registry, generate a new registry 
security value, compare the new registry security value with the stored 
registry security value and allow processing to continue if the new 
registry security value is equal to the stored registry security value; and 
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when monitoring the system registry for attempts to change the 
system registry, (1) generate a new user identity value and compare it 
with the stored user identity value, and (2) generate a new registry 
security value and compare it with the stored registry security value, and 
if both of the new values match the stored values then allow the user to 
make changes to the system registry 

authenticate the system rogiotry aftor reading the system rogiotry 
based on tho stored registry security valuo . 

20. (Currently Amended) An apparatus as in claim 19, wherein the processor 
ispperable to receive instructions which, when executed by the processor, cause the 
processor to gonorato , when generating a user identity value associated with a user 
identity comprises the procoosor to insert at least one of the username and password in 
the one way function to obtain the user identity value. 

21. (Currently Amended) An apparatus as in claim 19, wherein the processor 
ispperable to receive instructions which, when executed by the processor, cause the 
processor to,. 

gonorato when generating a registry security value associated with a 
system registry comprises tho processor to L concatenate system registry 
information; and 

insert the concatenated system registry information in a function to obtain 
the registry security value. 

22. (Currently Amended) An apparatus as in claim 21, wherein the processor 
isto concatenate system registry information comprises tho processor to concatonatob y 
concatenating at least one of system registry files and system registry handle keys. 

23. (Canceled). 

24. (Currently Amended) An apparatus as in claim 19 wherein the processor 
ispperable to receive instructions which, when executed by the processor, further 
causes c ause the processor to modify the system registry in response to being provided 
the- a new user identity value and the -a new registry security value that match the 
stored values . 
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Claims 25-28 (Canceled). 

29. (Previously Presented) An article of manufacture as in claim 10 further 
comprising instructions for 

allowing processing to continue if the new user identity value is equal to 
the stored user identity value. 

Claims 30-31 (Canceled). 
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